Computer Crime Reporting For State Agencies


The California Highway Patrol (CHP) recommends representatives of state agencies reporting computer crimes follow their established internal departmental notification protocols and to include involving the agencies’ Information Security Officer and/or their designee.
The California Compliance and Security Incident Reporting System (Cal-CSIRS) database has been developed by the California Information Security Office (CISO) to facilitate the rapid reporting and notification of computer-related crimes and information technology (IT) security incidents by state agencies. The Cal-CSIRS database will provide notifications to CHP Emergency Notification and Tactical Alert Center (ENTAC) and the Computer Crimes Investigation Unit (CCIU).


To report and submit incidents:

· Navigate to the CISO Cal-CSIRS database at https://CalCSIRS.rsam.com.
· If you do not have a Cal-CSIRS account, please, contact the CISO directly at (916) 445-5239 or by email at security@state.ca.gov .
· If the incident requires immediate law enforcement assistance, please contact the CHP ENTAC at (916) 843-4199, which is staffed 24/7 and will forward the information to CCIU. 

Note: It is the state entity’s responsibility to notify the CISO of the incident by the next business day.

Legal Requirements

computer data

Legal Requirements

 

Government Code Section 14613.7 requires state agencies to report to CHP all crimes on state-owned or state-leased property where state employees are discharging their duties. Specifically, Title 13, California Code of Regulations, Division 2, Chapter 12, Section 1875 requires the reporting of computer crimes involving state computer resources.

Note: Notification of a computer crime to a local law enforcement agency or IT related investigative task force does not relieve state agencies of their obligation to notify the CHP.

Computer Crimes That Require Notification To The CHP

 

The CHP has primary investigative authority for violations of California Penal Code Section 502, subsection (c), where a state agency is the victim. Computer crimes occur when a person does any of the following:

  1. Knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either (A) devise or execute any scheme or artifice to defraud, deceive, or extort, or (B) wrongfully control or obtain money, property, or data.

  2. Knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network.

  3. Knowingly and without permission uses or causes to be used computer services.

  4. Knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer, computer system, or computer network.

  5. Knowingly and without permission disrupts or causes the disruption of computer services or denies or causes the denial of computer services to an authorized user of a computer, computer system, or computer network.

  6. Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section.

  7. Knowingly and without permission accesses or causes to be accessed any computer, computer system, or computer network.

  8. Knowingly introduces any computer contaminant into any computer, computer system, or computer network.

  9. Knowingly and without permission uses the Internet domain name of another individual, corporation, or entity in connection with the sending of one or more electronic mail messages, and thereby damages or causes damage to a computer, computer system, or computer network.

  10. Knowingly and without permission disrupts or causes the disruption of government computer services or denies or causes the denial of government computer services to an authorized user of a government computer, computer system, or computer network.

  11. Knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to  a public safety infrastructure computer system computer, computer system, or computer network.

  12. Knowingly and without permission disrupts or causes the disruption of public safety infrastructure computer system computer services or denies or causes the denial of computer services to an authorized user of a public safety infrastructure computer system computer, computer system, or computer network.

  13. Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or public safety infrastructure computer system computer, computer system, or computer network in violation of this section.

  14. Knowingly introduces any computer contaminant into any public safety infrastructure computer system computer, computer system, or computer network.

Reporting


The Cal-CSIRS database has been developed by the CISO to facilitate the rapid reporting and notification of computer-related crimes and IT security incidents by state agencies. The Cal-CSIRS database will provide notifications to CHP ENTAC and the CCIU. The Cal-CSIRS database is designed to acquire the necessary information to determine the extent of investigative follow-up. Depending on the nature of the computer crime reported, a CHP CCIU Investigator may contact and/or respond to the reporting agency for additional information.

 

Supporting Page